Moira2.exe

Numbness

Electronics corp.

The file Moira2.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from phuziazsns.org.
Publisher:
Electronics corp.

Product:
Numbness

Description:
Indtsende3

Version:
1.00

MD5:
cb75039954341725c2c6469a1755d168

SHA-1:
db8fa52f4e04ea7eebe7ec30902d2301fd5508ee

SHA-256:
2383127aa7982a3a107a09566f1eb6ad7d8b5c197210c684d6a3bd3f05b572f6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
2/27/2025 7:31:12 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Downloader.Electron.Meta (M)

Engine version:
16.6.27.0

File size:
256 KB (262,195 bytes)

Product version:
1.00

Original file name:
Moira2.exe

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\users\{user}\appdata\local\temp\783b.tmp

File PE Metadata
Compilation timestamp:
5/5/2016 1:12:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:VRRRRA21pYnmKJUU95bLMo9IgYGRQsDbx9ukBEpoa6y4CnSHfPy9p:JgmUteqCGWsbx4MEpoavnMPy9p

Entry address:
0x122C

Entry point:
68, 3C, BB, 43, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, D2, FA, 54, 38, C8, 93, 28, 4A, A6, C8, E6, FB, BB, 30, 27, A1, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, B8, A3, FF, 02, 4C, 61, 74, 69, 63, 69, 66, 65, 72, 30, 00, 00, 20, 08, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 01, 79, E7, B6, 92, 5E, D1, C1, 47, AA, D5, AF, 0D, 50, 22, EA, 3B, 7A, 72, EF, 0D, 81, DD, D9, 45, AA, EC, F1, 55, DA, AF, 74, B4, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
Entropy:
7.8307

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
244 KB (249,856 bytes)

The file Moira2.exe has been seen being distributed by the following URL.
